CVE-2013-1864
Public Exploits: 1
Exploited in Wild: -
Descriptions
The Portable Tool Library (aka PTLib) before 2.10.10, as used in Ekiga before 4.0.1, does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted PXML document containing a large number of nested entity references, aka a "billion laughs attack."
CVSS Scores
SSVC
- Decision: -
Timeline
- 2013-02-19 CVE Reserved
- 2014-05-23 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- (no date) Exploited in Wild
- (no date) KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (9)
URL | Tag | Source
---|---|---
http://osvdb.org/91439 | Vdb Entry |
http://seclists.org/oss-sec/2013/q1/674 | Mailing List |
http://secunia.com/advisories/52659 | Third Party Advisory |
http://www.securityfocus.com/bid/58520 | Vdb Entry |
https://exchange.xforce.ibmcloud.com/vulnerabilities/82885 | Vdb Entry |

URL | Date | SRC
---|---|---
http://sourceforge.net/p/opalvoip/code/28856 | 2024-08-06 |

URL | Date | SRC
---|---|---
http://www.ekiga.org/news/2013-02-21/ekiga-4.0.1-stable-available | 2017-08-29 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Opalvoip | Portable Tool Library | 2.10.1 | - | Affected
Opalvoip | Portable Tool Library | 2.10.2 | - | Affected
Opalvoip | Portable Tool Library | 2.10.7 | - | Affected
Opalvoip | Portable Tool Library | 2.10.9 | - | Affected
Ekiga | Ekiga | <= 4.0.0 | - | Affected
Suse | Suse Linux Enterprise Software Development Kit | 11.0 | sp3 | Affected
Suse | Suse Linux Enterprise Desktop | 11.0 | sp3 | Affected